A new and more stealth phishing scam has entered the Internet scam market. According to this link, scammers are now able to manipulate the hosts files in users' computers, thus redirecting them to their nefarious Web sites without the user ever realizing it. This is mainly done with script-laden emails, some of which may not even require users clicking on any links – just opening the email is enough.
Frankly I am surprised that it took this long for scammers to employ this trick. But abolishing the hosts file, as some experts might suggest, is not a solution to curb the crackers using this trick. First of all hosts files are still legitimate means of translating names into ip addresses. I bet many organizations still use them internally as a quick and simple DNS alternative. Secondly, hosts files are invaluable for debugging. I can't tell you how many times I have used the hosts file to troubleshoot DNS problems, access issues, or other host name related quirks. Without the hosts file, I would have had to tinker with a name server which is a lot more complex and may itself be the root of the problem.
Finally, who's to say the bad actors won't change the computer's DNS entries to point to their own evil name servers. If they can change the hosts files, modifying DNS entries takes just a little more work.
Let's not eliminate a helpful tool out of fear and desperation. Practicing good security is the only way to fight these types of attacks.
